Java Code Examples for org.keycloak.representations.idm.RealmRepresentation#setFailureFactor()

The following examples show how to use org.keycloak.representations.idm.RealmRepresentation#setFailureFactor().
Example 1
Source File: BruteForceTest.java    From keycloak with Apache License 2.0
/**
 * Prepares the imported test realm for the brute-force tests.
 *
 * <p>Gives the existing {@code test-user@localhost} a fixed TOTP secret, remembers that
 * user's id in {@code userId}, switches brute-force protection on with small thresholds,
 * enables direct access grants on {@code test-app}, and adds a second password user.
 *
 * @param testRealm realm representation that is modified in place
 */
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
    // Fixed TOTP secret so the tests can compute valid one-time codes for this user.
    UserRepresentation totpUser = RealmRepUtil.findUser(testRealm, "test-user@localhost");
    UserBuilder.edit(totpUser).totpSecret("totpSecret");
    userId = totpUser.getId();

    // Brute-force detection with deliberately tiny values (test fixture, not a
    // production recommendation). NOTE(review): failureFactor is presumably the number
    // of failed logins tolerated before a temporary lockout - confirm against the
    // Keycloak version under test.
    testRealm.setBruteForceProtected(true);
    testRealm.setFailureFactor(2);
    testRealm.setWaitIncrementSeconds(5);
    testRealm.setMaxFailureWaitSeconds(100);
    testRealm.setMaxDeltaTimeSeconds(20);
    // The quick-login check override stays disabled, as in the original fixture:
    //testRealm.setQuickLoginCheckMilliSeconds(0L);

    // Direct access grants let the tests submit credentials without driving a browser.
    RealmRepUtil.findClientByClientId(testRealm, "test-app").setDirectAccessGrantsEnabled(true);

    // Second account with a fixed, test-only password.
    UserRepresentation secondUser = UserBuilder.create()
            .username("user2")
            .email("user2@localhost")
            .password("password")
            .build();
    testRealm.getUsers().add(secondUser);
}
 
Example 2
Source File: BruteForceTest.java    From keycloak with Apache License 2.0
/**
 * Resets brute-force state and thresholds on the {@code test} realm before each test.
 *
 * <p>Clears recorded login failures, then rewrites the four threshold values through the
 * admin client. This method does not touch the {@code bruteForceProtected} flag itself;
 * it only tunes the thresholds. Any failure is rethrown unchecked so the test aborts
 * instead of running against a half-configured realm.
 */
@Before
public void config() {
    try {
        // Start from a clean slate so lockouts from an earlier test cannot leak in.
        clearUserFailures();
        clearAllUserFailures();

        RealmRepresentation testRealmRep = adminClient.realm("test").toRepresentation();
        testRealmRep.setWaitIncrementSeconds(5);
        testRealmRep.setMaxFailureWaitSeconds(100);
        testRealmRep.setMaxDeltaTimeSeconds(20);
        testRealmRep.setFailureFactor(2);
        adminClient.realm("test").update(testRealmRep);
    } catch (Exception cause) {
        throw new RuntimeException(cause);
    }

    // Drop events emitted by the setup calls above.
    events.clear();
}
 
Example 3
Source File: BruteForceTest.java    From keycloak with Apache License 2.0
/**
 * Restores lenient brute-force settings on the {@code test} realm after each test.
 *
 * <p>Clears recorded login failures, writes the relaxed thresholds back through the admin
 * client, and resets the server time offset to zero. Failures inside the reset are
 * rethrown unchecked.
 *
 * @throws Exception declared because of the trailing {@code Thread.sleep}
 */
@After
public void slowItDown() throws Exception {
    try {
        clearUserFailures();
        clearAllUserFailures();

        // NOTE(review): these values look like Keycloak's stock brute-force defaults -
        // confirm for the version under test.
        RealmRepresentation testRealmRep = adminClient.realm("test").toRepresentation();
        testRealmRep.setFailureFactor(30);
        testRealmRep.setMaxDeltaTimeSeconds(60 * 60 * 12); // 12 hours
        testRealmRep.setQuickLoginCheckMilliSeconds(1000L);
        testRealmRep.setMinimumQuickLoginWaitSeconds(60);
        testRealmRep.setWaitIncrementSeconds(60);
        testRealmRep.setMaxFailureWaitSeconds(900);
        adminClient.realm("test").update(testRealmRep);

        // Undo any clock shift a test applied on the server side.
        testingClient.testing().setTimeOffset(Collections.singletonMap("offset", String.valueOf(0)));
    } catch (Exception cause) {
        throw new RuntimeException(cause);
    }

    events.clear();
    // Short pause before the next test starts.
    Thread.sleep(100);
}
 
Example 4
Source File: AbstractX509AuthenticationTest.java    From keycloak with Apache License 2.0
/**
 * Prepares the test realm for the X.509 authentication tests.
 *
 * <p>Builds a {@code resource-owner} client with direct access grants and a user carrying
 * an {@code x509_issuer_identity} attribute, registers an additional HTTPS redirect URI
 * on the existing test app, turns brute-force protection on with a failure factor of 2,
 * and adds the new user and client to the realm.
 *
 * @param testRealm realm representation that is modified in place
 */
@Override
public void configureTestRealm(RealmRepresentation testRealm) {

    // Client and user credentials below are fixed, test-only values.
    ClientRepresentation resourceOwnerClient = ClientBuilder.create()
            .id(KeycloakModelUtils.generateId())
            .clientId("resource-owner")
            .directAccessGrants()
            .secret("secret")
            .build();

    UserRepresentation certUser = UserBuilder.create()
            .id(KeycloakModelUtils.generateId())
            .username("Keycloak")
            .email("localhost@localhost")
            .enabled(true)
            .password("password")
            .addAttribute("x509_issuer_identity", "Keycloak Intermediate CA")
            .build();

    userId2 = certUser.getId();

    // Mirror the test app's first redirect path on the HTTPS port (default 8543 when the
    // system property is not set) so the TLS-based flow has an allowed redirect target.
    ClientRepresentation testApp = findTestApp(testRealm);
    URI firstRedirect = URI.create(testApp.getRedirectUris().get(0));
    String httpsPort = System.getProperty("auth.server.https.port", "8543");
    URI httpsRedirect = URI.create("https://localhost:" + httpsPort + firstRedirect.getRawPath());
    testApp.getRedirectUris().add(httpsRedirect.toString());

    // Small failure factor so lockout behaviour can be reached with few attempts.
    testRealm.setBruteForceProtected(true);
    testRealm.setFailureFactor(2);

    RealmBuilder.edit(testRealm)
            .user(certUser)
            .client(resourceOwnerClient);
}
 
Example 5
Source File: AttackDetectionResourceTest.java    From keycloak with Apache License 2.0
/**
 * Prepares the test realm for the attack-detection resource tests: adds a second
 * password user and enables brute-force protection with a failure factor of 2.
 *
 * @param testRealm realm representation that is modified in place
 */
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
    // Extra account with a fixed, test-only password.
    testRealm.getUsers().add(
            UserBuilder.create()
                    .username("test-user2")
                    .password("password")
                    .build());

    // Low threshold so a test needs only a couple of failed logins to register an attack.
    testRealm.setFailureFactor(2);
    testRealm.setBruteForceProtected(true);
}
 
Example 6
Source File: FlowOverrideTest.java    From keycloak with Apache License 2.0
/**
 * Enables brute-force protection on the {@code test} realm with small thresholds and
 * pushes the change to the server through the admin client.
 *
 * <p>NOTE(review): nothing in this method restores the previous settings; check that the
 * calling test or its teardown does so.
 */
private void setupBruteForce() {
    RealmRepresentation rep = adminClient.realm("test").toRepresentation();

    // Thresholds are intentionally tiny so the test can reach the lockout path quickly.
    rep.setWaitIncrementSeconds(5);
    rep.setMaxFailureWaitSeconds(100);
    rep.setMaxDeltaTimeSeconds(20);
    rep.setFailureFactor(2);
    rep.setBruteForceProtected(true);

    adminClient.realm("test").update(rep);
}
 
Example 7
Source File: RealmInvalidationClusterTest.java    From keycloak with Apache License 2.0
/**
 * Applies a series of single-attribute updates to a realm and verifies each one via
 * {@code verifyEntityUpdateDuringFailover}.
 *
 * <p>Attributes changed, in order: realm name, enabled flag, public key, SSL requirement,
 * the brute-force flag, and the brute-force failure factor. The representation returned
 * by each update call replaces {@code realm}, so every step builds on the previous one.
 *
 * @param realm           realm representation to mutate and push
 * @param backendFailover passed through to {@code verifyEntityUpdateDuringFailover}
 * @return the realm representation as returned by the last update
 */
@Override
protected RealmRepresentation testEntityUpdates(RealmRepresentation realm, boolean backendFailover) {

    // realm name: the update is addressed by the old name because the rename is the change
    String originalName = realm.getRealm();
    realm.setRealm(realm.getRealm() + "_updated");
    realm = updateEntity(originalName, realm, getCurrentFailNode());
    verifyEntityUpdateDuringFailover(realm, backendFailover);

    // enabled: flip the current value
    realm.setEnabled(!realm.isEnabled());
    realm = updateEntityOnCurrentFailNode(realm, "enabled");
    verifyEntityUpdateDuringFailover(realm, backendFailover);

    // public key: send the "GENERATE" marker and check that the value read back is not
    // the marker itself
    realm.setPublicKey("GENERATE");
    realm = updateEntityOnCurrentFailNode(realm, "public key");
    assertNotEquals("GENERATE", realm.getPublicKey());
    verifyEntityUpdateDuringFailover(realm, backendFailover);

    // require ssl
    realm.setSslRequired("all");
    realm = updateEntityOnCurrentFailNode(realm, "require ssl");
    verifyEntityUpdateDuringFailover(realm, backendFailover);

    // brute force detection: flip the current value
    realm.setBruteForceProtected(!realm.isBruteForceProtected());
    realm = updateEntityOnCurrentFailNode(realm, "brute force");
    verifyEntityUpdateDuringFailover(realm, backendFailover);

    // brute force detection - failure factor: protection is forced on first (the toggle
    // above may have switched it off), then the threshold is raised by one
    realm.setBruteForceProtected(true);
    realm.setFailureFactor(realm.getFailureFactor() + 1);
    realm = updateEntityOnCurrentFailNode(realm, "brute force failure factor");
    verifyEntityUpdateDuringFailover(realm, backendFailover);

    return realm;
}
 
Example 8
Source File: AbstractAdvancedBrokerTest.java    From keycloak with Apache License 2.0
/**
 * Verifies that brute-force protection also covers the OTP step of a post-broker-login
 * flow in the consumer realm.
 *
 * <p>The test enables brute-force protection with a failure factor of 2, sets up TOTP for
 * a brokered user, submits two bad codes, and then asserts that a valid code is rejected
 * too. After the user's failures are cleared through the attack-detection admin resource,
 * a valid code is accepted. The {@code finally} block removes the post-broker flow and
 * switches brute-force protection off again.
 */
@Test
public void testPostBrokerLoginFlowWithOTP_bruteForceEnabled() {
    updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
    testingClient.server(bc.consumerRealmName()).run(configurePostBrokerLoginWithOTP(bc.getIDPAlias()));

    // Enable brute force protector in consumer realm
    RealmResource realm = adminClient.realm(bc.consumerRealmName());
    RealmRepresentation consumerRealmRep = realm.toRepresentation();
    consumerRealmRep.setBruteForceProtected(true);
    consumerRealmRep.setFailureFactor(2);
    consumerRealmRep.setMaxDeltaTimeSeconds(20);
    consumerRealmRep.setMaxFailureWaitSeconds(100);
    consumerRealmRep.setWaitIncrementSeconds(5);
    realm.update(consumerRealmRep);

    try {
        driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));

        // First brokered login: the user is asked to configure TOTP
        logInWithBroker(bc);

        totpPage.assertCurrent();
        String totpSecret = totpPage.getTotpSecret();
        totpPage.configure(totp.generateTOTP(totpSecret));
        assertNumFederatedIdentities(realm.users().search(bc.getUserLogin()).get(0).getId(), 1);
        logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());

        // Second brokered login: the OTP prompt is now part of the flow
        logInWithBroker(bc);

        loginTotpPage.assertCurrent();

        // Login for 2 times with incorrect TOTP. This should temporarily disable the user
        loginTotpPage.login("bad-totp");
        Assert.assertEquals("Invalid authenticator code.", loginTotpPage.getError());

        loginTotpPage.login("bad-totp");
        Assert.assertEquals("Invalid authenticator code.", loginTotpPage.getError());

        // Login with valid TOTP. I should not be able to login.
        // The asserted error text is the same as for a wrong code, so the page checked
        // here does not reveal that the account is locked.
        loginTotpPage.login(totp.generateTOTP(totpSecret));
        Assert.assertEquals("Invalid authenticator code.", loginTotpPage.getError());

        // Clear login failures
        String userId = ApiUtil.findUserByUsername(realm, bc.getUserLogin()).getId();
        realm.attackDetection().clearBruteForceForUser(userId);

        // With the failures cleared, a valid code must be accepted again
        loginTotpPage.login(totp.generateTOTP(totpSecret));
        waitForAccountManagementTitle();
        logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
    } finally {
        testingClient.server(bc.consumerRealmName()).run(disablePostBrokerLoginFlow(bc.getIDPAlias()));

        // Disable brute force protector
        // NOTE(review): only the flag is reset; the thresholds set above stay on the
        // realm - confirm that later tests do not depend on other values.
        consumerRealmRep = realm.toRepresentation();
        consumerRealmRep.setBruteForceProtected(false);
        realm.update(consumerRealmRep);
    }
}